MiSec Meetup August 2014

For August’s meetup,Steven Legg (@zenm0de) will be presenting “Thinking Outside the Bunker: Security as a Practice, Not a Target”.

Very often people think of security as a target – a static check box that needs to be achieved once and is only validated through auditing and compliance. Amidst gunfire and dead zerglings, we will utilize a framework to plot the (recurring) course of action and learn to stay on top of our security in practice. Don’t worry, there will be no shortage of marine-filled examples and creative liberties used to examine what this concept means to you, your team, and your business.

Thursday, August 14th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Conferences July 2014

The second Thursday of the month, in July, is day one of our new Converge conference. Join us at Cobo for the two day event, followed by BSides Detroit on Thursday.

Converge Detroit – Thursday and Friday, July 10-11

BSides Detroit – Saturday, July 12






MiSec Meetup May 2014

We have two guest speakers for May’s meet-up. Jimmy Vo (@jimmyvo) will be presenting on “How To Win Friends and Influence Hackers”. Afterwards, Nick Jacob (@MortiousPrime) will opine on information security, piracy, video gaming, sea shanties, and raising snakes. Don’t miss.

Thursday, May 8th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup April 2014

Our guest speaker “Bob” will be giving a talk on OSINT, and protecting one’s privacy in the age of ubiquitous communication.

Thursday, April 10th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

March Threat Modeling Workshop

Over the past six months, a core group within #misec has been developing a threat modeling approach. We held a small focus group in October to work out the approach. The concepts were presented at GrrCon, BSides Jackson, BSides Columbus, and the local ISSA chapter. With that, we received a lot of feedback and improved the model. We are now ready to hold a larger workshop on threat modeling.

Workshop tickets, free as always, are available here:

Saturday, March 8th, 10 am to 4 pm

R.L. Polk
26533 Evergreen, 9th floor
Southfield, MI 48076

Please meet us at the North Entrance. One of us will show you up stairs.

MiSec Meetup March 2014

March is the quarterly OWASP Detroit meeting and will feature a presentation by Robert Former on embedded encryption.


Robert Former is a security engineer with 20 years of experience in the IT field. Throughout his career, Robert has worked in many aspects of Information Technology and has experience in the design, implementation, and operation of cabling, LAN, WAN, MAN, both traditional and IP telephony, data centers, server systems, and, for the last 9 years, information security and compliance. Robert currently holds the ISC(2) CISSP™, ISACA CISA™, and NSA IAM/IEM certifications. He is employed by Neohapsis, a leading security research and consulting firm based in Chicago, IL, as a Senior Security Consultant. In his spare time, Robert enjoys spending time with his family as well as pursuing photography, sailing and amateur radio.


Encryption is a tricky business in the best of circumstances. Encryption on embedded systems is a minefield of opportunity for poor implementation. This talk will explore some common missteps in crypto implementations on embedded systems focusing on Internet of Things (IoT) and smart meters. Ways of avoiding the common mistakes will be presented and offered up for discussion.

Thursday, March 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup February 2014

For February, Zach (@quine) will be presenting on his research into the new BlackBerry smart phones.

No Apology Required: Deconstructing BB10

BB10, BlackBerry’s next generation mobile operating system, is a stark departure from the traditional BlackBerry OS. Like its cousin, TabletOS on the PlayBook, it’s based on QNX and supports numerous frameworks and runtimes (including support for Android), as well as native code — a first for BlackBerry devices. Incidentally, it’s also chock full of peculiar design decisions and strange bits of hackish glue, many of which give rise to vulnerabilities.

In this talk, we will present our objective security analysis of BB10, focusing on the methodology used in assessing this black box system. We will discuss processes used to gain low level access to the system, analyze system internals and firmware, and instrument processes. We will also explore network and application attack surfaces, documented and observed security controls, and findings from our assessment.

Thursday, February 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

BSides Columbus

BSides Columbus is coming up and John (@Cranky_JC) is organizing the invasion. The time and place:

When: Monday, January 20th, 2014
Where: Doctors Hospital West, 5100 W Broad St, Columbus, OH 43228

BSides Columbus is being keynoted by Dave Kennedy and Jayson Street. The speaker line-up includes #misec favorites like Steven Aiello, Nick Jacob, Mark Kikta, and Wolf Goerlich. There is no better way to spend a Monday.


Carpool sign-up:

MiSec Meetup January 2014

Ushering in the new year, Steven Fox is presenting on Open Source Intelligence (OSINT) at the first meet-up of 2014.

The Lens of Trust – Investigating Crime with OSINT

Missing persons cases, kidnapping, financial fraud; these are some of the cases investigated with the use of open information sources. Long thought to be a tool of cyber miscreants, Open Source Intelligence (OSINT) is playing an increasingly popular role in gathering indicators of criminal activity, analyzing the data for patterns, and deriving intelligence to supplement traditional investigations.

This session explores a case where the rigor of jurisprudence enabled the use of OSINT to gather evidence for analysis in the courts. Attendees will learn how the rules of evidence were applied to social media findings and how that data was handled and used to solve a criminal mystery.

Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit.

Thursday, January 9th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup December 2013

At December’s OWASP Detroit meeting, Jeremy Nielson (@jeremynielson) will present Susie the Useful SOC Puppet: A blue-team bedtime story.

Susie spends her days looking at logs. Lots and lots of logs. But one day Susie discovered there was more to being a SOC puppet than just looking for APT1. Follow Susie and her team of puppets as we cover a couple of real-world attack scenarios and how we can apply our IDS alert findings to securing our vulnerable web applications.

Thursday, December 12th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

Return top

About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.